Language Selection

English French German Italian Portuguese Spanish

OpenSSH 8.2 was released on 2020-02-14.

Filed under
Security
BSD

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Read more

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, including ssh-keygen can be used to generate a FIDO token backed key. Communication to the hardware token with OpenSSH is managed by a middleware library specified via the SSH/SSHD configuration, including the option for its own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try to run this command in your shell

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you managed to connect using the above command, it means that your OpenSSH software is fine, but if you don't, then it needs to be upgraded.

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out the box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the Yubi Key) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

F(x)tec Pro1-X Announced – with physical keyboard, Lineage OS and Ubuntu Touch support but dated Snapdragon 835

Today, F(x)tec has re-launched their Pro1 smartphone, but renamed as Pro1-X and running LineageOS out of the box combined with compatibility with Ubuntu Touch OS. The phone has been developed in partnership with XDA, hence the name. The hardware remains the same which includes the dated Qualcomm Snapdragon 835 chipset; however, this phone isn't about raw power, it is a productivity tool with a strong focus on privacy. It will then combine the chipset with 8GB of RAM a 5.99-inch FHD+ AMOLED display, an 8MP front-facing camera, and a 12MP camera at the rear. Read more

Python Programming

Announcing NetBSD 9.1

The NetBSD Project is pleased to announce NetBSD 9.1, the first update of the NetBSD 9 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Read more Also: NetBSD 9.1 Released With Parallelized Disk Encryption, Better ZFS, X11 Improvements

today's howtos

  • Btrfs on CentOS: Living with Loopback | Linux Journal

    The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions. Most of the intended goals of btrfs have been met. However, Red Hat famously cut continued btrfs support from their 7.4 release, and has allowed the code to stagnate in their backported kernel since that time. The Fedora project announced their intention to adopt btrfs as the default filesystem for variants of their distribution, in a seeming juxtaposition. SUSE has maintained btrfs support for their own distribution and the greater community for many years. For users, the most desirable features of btrfs are transparent compression and snapshots; these features are stable, and relatively easy to add as a veneer to stock CentOS (and its peers). Administrators are further compelled by adjustable checksums, scrubs, and the ability to enlarge as well as (surprisingly) shrink filesystem images, while some advanced btrfs topics (i.e. deduplication, RAID, ext4 conversion) aren't really germane for minimal loopback usage. The systemd init package also has dependencies upon btrfs, among them machinectl and systemd-nspawn. Despite these features, there are many usage patterns that are not directly appropriate for use with btrfs. It is hostile to most databases and many other programs with incompatible I/O, and should be approached with some care.

  • How To List Filesystems In Linux Using Lfs - OSTechNix

    Lfs is a commandline tool used to list filesystems in Linux system. Lfs is slightly a better alternative to "df -H" command.

  • How to Install Debian Linux 10.5 with MATE Desktop + VMware Tools on VMware Workstation - SysAdmin

    This video tutorial shows how to install Debian Linux 10.5 with MATE Desktop on VMware Workstation step by step.

  • How to Install Mageia Linux 7.1 + VMware Tools on VMware Workstation - SysAdmin

    This video tutorial shows how to install Mageia Linux 7.1 on VMware Workstation step by step.

  • How to install Krita 4.3.0 on Deepin 20 - YouTube

    In this video, we are looking at how to install Krita 4.3.0 on Deepin 20.

  • How to install PHP 7.4 in Ubuntu 20.04? | LibreByte

    PHP-FPM is used together with a web server like Apache or NGINX, PHP-FPM serves dynamic content, while the web server serve static content

  • How to install the Blizzard Battle.net on a Chromebook

    Today we are looking at how to install the Blizzard Battle.net on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to install the MGT GTK theme on Linux

    MGT is a modern theme that is based on the Materia GTK theme. It comes in 4 different colors (Grey, Semi-Dark, Light, and Dark) and brings the Google Material Design look that many Linux users love. In this guide, we’ll show you how to install the MGT GTK theme on Linux.

  • How to install the RavenDB NoSQL database on Ubuntu 20.04 - TechRepublic

    If you're looking to deploy a powerful NoSQL database on Linux, let Jack Wallen walk you through the process of installing RavenDB.

  • Implementing a self-signed certificate on an Ubuntu Server > Tux-Techie

    In this tutorial, we will show you how to create a self-signed certificate with OpenSSL on an Ubuntu 20.04 server and discuss its use cases.